Robert L. Norman
Sr. Program Manager, Safeguards Information
As part of its role in protecting health and safety, the NRC uses information security procedures to prevent sensitive information from getting into the wrong hands. The NRC puts sensitive information in three categories: classified, Safeguards Information (SGI), and Sensitive Unclassified Non-Safeguards Information (SUNSI).
Each category has specific marking requirements and security procedures. Although the NRC is the only agency with the authority to set requirements for protecting SGI, most agencies have requirements for the protection and designation of unclassified sensitive information.
You’ve probably heard the terms Top Secret, Secret, and Confidential; these are categories of classified information. Each category has a corresponding federal security clearance level needed for access. Executive Orders, Security Classification Guides and the Atomic Energy Act of 1954, as amended, lay out criteria for protecting information and identifying what nuclear information is classified at a particular level. A breach of classified information could threaten national security.
SUNSI, while generally unavailable to the public, does not require a federal security clearance. This category of information contains various types of information, including Personally Identifiable Information and attorney-client privilege. SUNSI is protected by the Privacy Act, NRC and other federal agency regulations.
While classified information and SUNSI are broad categories, SGI is much narrower. The SGI designation covers the physical protection of nuclear facilities and materials. This includes operating reactors, spent fuel shipments, and radioactive material at certain levels. Nuclear facilities require high security measures. Armed guards, physical barriers, and surveillance systems are just some of the ways we protect nuclear plants. Information about these detailed security measures is carefully guarded. Without SGI protection, people could use this information to attempt to circumvent physical barriers and break into security systems.
Section 147 of the Atomic Energy Act requires the NRC to regulate SGI. The NRC is in charge of deciding what qualifies as SGI and how to protect it. A specially trained group of personnel, called SGI Designators, create and/or check documents for SGI. Even though a federal security clearance isn’t needed for access, SGI is treated similarly to Confidential information. Individuals must pass a background check and have a “need to know” to access SGI.
The use of SGI has often come into question. The Office of the Inspector General conducted an audit in 2004 of the NRC’s protection of SGI. According to the audit, the Confidential classification could protect SGI without seriously affecting costs. However, NRC staff concluded the proposal would require the government to perform thousands of expensive federal security clearances and change how information is stored and encrypted. A switch to a lower designation, such as standard official use only, would put security at risk. Current regulations already protect SGI without breaking the bank.
Another OIG audit revisited the topic in 2012. This audit discussed giving people outside of the NRC and its licensees access to SGI. The OIG recommended setting up a specific plan for granting outsider access. Based on the recommendations, outsiders will still need to undergo background checks and have a “need to know.”
The NRC strives to be as open and transparent as possible. However, when it comes to safeguarding sensitive information for the good of the country, and our licensees, information protection will always take priority over transparency.
U.S. NRC Blog 
Quote: “…information protection will always take priority over transparency…” Of course it will, even if the protection is inappropriate. The silence is disclosing the message, ‘shhh, we got secrets that are killing the unsuspecting citizens, that is why they are secrets.’
Thanks Doc, this discloses another classification, “Attorney Client Privilege”
I did note this link in a search concerning “the Oconee/ Jocassee Dam vulnerability concealment” http://pbadupws.nrc.gov/docs/ML1425/ML14258A077.pdf This link disclosed another classification on page 170 of the PDF – ” EX 5 (3) Withhold All, Attorney Client Privilege.” Criminal or inappropriate activity such as negligence, on whose part?
Another linked article where engineers make some profound statements, “”… a reliability and risk engineer with the agency’s (NRC) division of risk analysis, alleged that NRC officials falsely invoked security concerns in redacting large portions of a report…The redacted information shows that the NRC is lying to the American public about the safety of U.S. reactors…Although it is not a given that Jocassee Dam will fail in the next 20 years…it is a given that if it does fail, the three reactor plants will melt down and release their radionuclides into the environment.””” http://www.washingtonsblog.com/2012/10/nrc-whistleblowers-higher-risk-of-nuclear-melt-down-in-u-s-than-fukushima.html Very revealing.
It seems that by the NRC’s own admission, someone in the agency made the decision to inappropriately withhold safety information. In so doing they intentionally deceived the public, the only question that remains, what was the outcome of the OIG investigation for inappropriate classification of safety information which would save human life, or is that classified? Has the policy of inappropriate classification of public safety related information been corrected?
What happened with the Oconee/ Jocassee Dam vulnerability concealment episode?
A question of balance?
It is my opinion that the NRC and nuclear power operators have grossly abused the system of security classifications. There is a place for information safeguards, it is not community safety and the hiding of operative failures on the part of nuclear operators and you, our regulator.
Never should information regarding safety of nuclear facilities be classified as “proprietary information,” IE WANO and INPO safety reports which directly demonstrate safety and Human Reliability shortcomings of nuclear operators and NRC failures. The NRC supports this inappropriate classification.
SHAME ON YOU for hiding safety reports, it is wrong and is demonstrative of the NRC’s support of the nuclear industry instead of 100% support of safety and disclosure of safety issues. You are the regulator not INPO and WANO, it should be made plain to all involved that all public safety issues will be disclosed, that is not the case.
Another bothersome issue is the withholding of security inspections, particularly physical and force on force inspections. It is my opinion that your tests of the security of nuclear facilities are minimalistic and weak. I recognize the importance of not disclosing security weaknesses, unfortunately there is a question of trust and information that may be disclosed. Trust is earned, and ladies and gentleman of the NRC, you have not earned it, in my opinion. Primarily because of the lack of appropriate disclosures of safety related information.
Utilizing contracted personnel for physical security and the lack of disclosures of failed oversight regarding tests of security does not facilitate trust. This is a nuclear industry wide problem, not just the NRC. There is further concern when the public hears statements from Congress which amount to threats of defunding the NRC because of your regulatory responsibilities.
How is the public to know that your mission of protection and safety of the public is accomplished without appropriate disclosures?